Knowledge Base
All KB
Documents DT Documents
Articles & FAQs AR Articles
Trouble Reports TR Trouble Reports
Software Updates SU Software Updates
Searching in : Trouble report
ID:TR10U11029
Added on: 2023-10-26
Last Update: 2023-11-06
Solved in version: 8.10.1
Platform: All Linux Platforms
Product: NoMachine Server
Severity: Serious
Status: Solved
Print this article

CVE-2023-5367 affects the xserver component shipped by NoMachine server packages

The patch for CVE-2023-5367 X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty
has to be imported into the xserver component shipped by NoMachine server packages.

Ref.
https://lists.x.org/archives/xorg-announce/2023-October/003430.html

Albeit this doesn't affect NoMachine, the fix for CVE-2023-5380: Use-after-free bug in DestroyWindow will be imported as well.

The fix for CVE-2023-5574: Use-after-free bug in DamageDestroy will be instead not imported because NoMachine doesn't use Xvfb, which is the only component affected.

 

SOLVED, Released in version 8.10.1